Five essential steps to shift security left (Episode I)

DevOps as a concept has been thoroughly examined, interpreted, and dissected in a multitude of different ways over the last decade since the term itself was coined by Andrew Shafer and Patrick Debois at the 2008 Agile Toronto conference. However, let’s take a step back and review what DevOps is, in order to better understand how DevSecOps fits in.

DevOps is a cultural, and organizational way of unifying development and IT operations work. This practice seeks to empower software development teams to more consistently meet or surpass their objectives for on-time delivery of high quality software that meets the needs of the business. But where does security fit in and why is it important to the development process? And, maybe the most frequent question – where do I start?

Similar to operations, security’s aim to minimize enterprise risk occasionally conflicts with development’s need for constant change. What if I told you there is a middle ground that enables development teams to deliver code that is more secure – at the speed of DevOps? But…there is a slight catch. This middle ground requires that security adapt to 5 essential steps that have proven successful for DevOps.

One of the main principles of creating a culture of security, is to make it something that everyone within your organization is responsible for. Chris Wysopal, CTO and co-founder at CA Veracode provides some guidance on how this is done, why we have to automate security, and more. To learn more, check out the video below!